CVE-2018-1000148

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
jenkinscopy_to_slave
𝑥
≤ 1.4.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545